nginx: src/event/ngx_event_quic_protection.c annotate

annotate src/event/ngx_event_quic_protection.c @ 8646:4bf332873a83 quic

QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Per the latest post draft-32 specification updates on the topic: https://github.com/quicwg/base-drafts/pull/4391

author	Sergey Kandaurov <pluknet@nginx.com>
date	Wed, 18 Nov 2020 20:56:11 +0000
parents	ae4bffb75df8
children	dbad2d6d1898

rev	line source
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #include <ngx_config.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #include <ngx_core.h>
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9 #include <ngx_event.h>
8486 d0ac4449a07f QUIC: fixed bulding perl module by reducing header pollution. Sergey Kandaurov <pluknet@nginx.com> parents: 8478 diff changeset	10 #include <ngx_event_quic_transport.h>
d0ac4449a07f QUIC: fixed bulding perl module by reducing header pollution. Sergey Kandaurov <pluknet@nginx.com> parents: 8478 diff changeset	11 #include <ngx_event_quic_protection.h>
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	13
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	14 #define NGX_QUIC_IV_LEN 12
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	15
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	16 #define NGX_AES_128_GCM_SHA256 0x1301
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	17 #define NGX_AES_256_GCM_SHA384 0x1302
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	18 #define NGX_CHACHA20_POLY1305_SHA256 0x1303
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	19
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	20
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	21 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	22 #define ngx_quic_cipher_t EVP_AEAD
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	23 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	24 #define ngx_quic_cipher_t EVP_CIPHER
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	25 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	26
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	27
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	28 typedef struct {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	29 const ngx_quic_cipher_t *c;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30 const EVP_CIPHER *hp;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	31 const EVP_MD *d;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	32 } ngx_quic_ciphers_t;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	33
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	34
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	35 typedef struct ngx_quic_secret_s {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	36 ngx_str_t secret;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	37 ngx_str_t key;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	38 ngx_str_t iv;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	39 ngx_str_t hp;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	40 } ngx_quic_secret_t;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	41
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	42
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	43 typedef struct {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	44 ngx_quic_secret_t client;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	45 ngx_quic_secret_t server;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	46 } ngx_quic_secrets_t;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	47
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	48
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	49 struct ngx_quic_keys_s {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	50 ngx_quic_secrets_t secrets[NGX_QUIC_ENCRYPTION_LAST];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	51 ngx_quic_secrets_t next_key;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	52 ngx_uint_t cipher;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	53 };
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	54
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	55
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	56 static ngx_int_t ngx_hkdf_expand(u_char *out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	57 const EVP_MD digest, const u_char prk, size_t prk_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	58 const u_char *info, size_t info_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	59 static ngx_int_t ngx_hkdf_extract(u_char out_key, size_t out_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	60 const EVP_MD digest, const u_char secret, size_t secret_len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	61 const u_char *salt, size_t salt_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	62
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	63 static uint64_t ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask,
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	64 uint64_t *largest_pn);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	65 static void ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn);
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	66 static ngx_int_t ngx_quic_ciphers(ngx_uint_t id,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	67 ngx_quic_ciphers_t *ciphers, enum ssl_encryption_level_t level);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	68
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	69 static ngx_int_t ngx_quic_tls_open(const ngx_quic_cipher_t *cipher,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	70 ngx_quic_secret_t s, ngx_str_t out, u_char nonce, ngx_str_t in,
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	71 ngx_str_t ad, ngx_log_t log);
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	72 static ngx_int_t ngx_quic_tls_seal(const ngx_quic_cipher_t *cipher,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	73 ngx_quic_secret_t s, ngx_str_t out, u_char nonce, ngx_str_t in,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	74 ngx_str_t ad, ngx_log_t log);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	75 static ngx_int_t ngx_quic_tls_hp(ngx_log_t log, const EVP_CIPHER cipher,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	76 ngx_quic_secret_t s, u_char out, u_char *in);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	77 static ngx_int_t ngx_quic_hkdf_expand(ngx_pool_t pool, const EVP_MD digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	78 ngx_str_t out, ngx_str_t label, const uint8_t *prk, size_t prk_len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	79
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	80 static ngx_int_t ngx_quic_create_packet(ngx_quic_header_t *pkt,
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	81 ngx_str_t *res);
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	82 static ngx_int_t ngx_quic_create_retry_packet(ngx_quic_header_t *pkt,
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	83 ngx_str_t *res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	84
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	85
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	86 static ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	87 ngx_quic_ciphers(ngx_uint_t id, ngx_quic_ciphers_t *ciphers,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	88 enum ssl_encryption_level_t level)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	89 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	90 ngx_int_t len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	91
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	92 if (level == ssl_encryption_initial) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	93 id = NGX_AES_128_GCM_SHA256;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	94 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	95
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	96 switch (id) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	97
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	98 case NGX_AES_128_GCM_SHA256:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	99 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	100 ciphers->c = EVP_aead_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	101 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	102 ciphers->c = EVP_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	103 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	104 ciphers->hp = EVP_aes_128_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	105 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	106 len = 16;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	107 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	108
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	109 case NGX_AES_256_GCM_SHA384:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	110 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	111 ciphers->c = EVP_aead_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	112 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	113 ciphers->c = EVP_aes_256_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	114 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	115 ciphers->hp = EVP_aes_256_ctr();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	116 ciphers->d = EVP_sha384();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	117 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	118 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	119
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	120 case NGX_CHACHA20_POLY1305_SHA256:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	121 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	122 ciphers->c = EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	123 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	124 ciphers->c = EVP_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	125 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	126 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	127 ciphers->hp = (const EVP_CIPHER *) EVP_aead_chacha20_poly1305();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	128 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	129 ciphers->hp = EVP_chacha20();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	130 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	131 ciphers->d = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	132 len = 32;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	133 break;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	134
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	135 default:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	136 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	137 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	138
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	139 return len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	140 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	141
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	142
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	143 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	144 ngx_quic_keys_set_initial_secret(ngx_pool_t pool, ngx_quic_keys_t keys,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	145 ngx_str_t *secret)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	146 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	147 size_t is_len;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	148 uint8_t is[SHA256_DIGEST_LENGTH];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	149 ngx_uint_t i;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	150 const EVP_MD *digest;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	151 const EVP_CIPHER *cipher;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	152 ngx_quic_secret_t client, server;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	153
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	154 static const uint8_t salt[20] =
8448 011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	155 #if (NGX_QUIC_DRAFT_VERSION >= 29)
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	156 "\xaf\xbf\xec\x28\x99\x93\xd2\x4c\x9e\x97"
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	157 "\x86\xf1\x9c\x61\x11\xe0\x43\x90\xa8\x99";
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	158 #else
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	159 "\xc3\xee\xf7\x12\xc7\x2e\xbb\x5a\x11\xa7"
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	160 "\xd2\x43\x2b\xb4\x63\x65\xbe\xf9\xf5\x02";
8448 011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	161 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	162
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	163 client = &keys->secrets[ssl_encryption_initial].client;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	164 server = &keys->secrets[ssl_encryption_initial].server;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	165
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	166 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	167
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	168 cipher = EVP_aes_128_gcm();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	169 digest = EVP_sha256();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	170
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	171 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	172 salt, sizeof(salt))
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	173 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	174 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	175 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	176 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	177
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	178 ngx_str_t iss = {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	179 .data = is,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	180 .len = is_len
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	181 };
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	182
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	183 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pool->log, 0,
f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	184 "quic ngx_quic_set_initial_secret");
8578 52ad697f9d1c QUIC: enabled more key-related debug by default. Vladimir Homutov <vl@nginx.com> parents: 8565 diff changeset	185 #ifdef NGX_QUIC_DEBUG_CRYPTO
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	186 ngx_quic_hexdump(pool->log, "quic salt", salt, sizeof(salt));
f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	187 ngx_quic_hexdump(pool->log, "quic initial secret", is, is_len);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	188 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	189
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	190 /* draft-ietf-quic-tls-23#section-5.2 */
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	191 client->secret.len = SHA256_DIGEST_LENGTH;
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	192 server->secret.len = SHA256_DIGEST_LENGTH;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	193
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	194 client->key.len = EVP_CIPHER_key_length(cipher);
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	195 server->key.len = EVP_CIPHER_key_length(cipher);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	196
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	197 client->hp.len = EVP_CIPHER_key_length(cipher);
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	198 server->hp.len = EVP_CIPHER_key_length(cipher);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	199
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	200 client->iv.len = EVP_CIPHER_iv_length(cipher);
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	201 server->iv.len = EVP_CIPHER_iv_length(cipher);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	202
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	203 struct {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	204 ngx_str_t label;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	205 ngx_str_t *key;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	206 ngx_str_t *prk;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	207 } seq[] = {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	208
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	209 /* draft-ietf-quic-tls-23#section-5.2 */
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	210 { ngx_string("tls13 client in"), &client->secret, &iss },
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	211 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	212 ngx_string("tls13 quic key"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	213 &client->key,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	214 &client->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	215 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	216 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	217 ngx_string("tls13 quic iv"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	218 &client->iv,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	219 &client->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	220 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	221 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	222 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	223 ngx_string("tls13 quic hp"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	224 &client->hp,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	225 &client->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	226 },
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	227 { ngx_string("tls13 server in"), &server->secret, &iss },
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	228 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	229 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.3 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	230 ngx_string("tls13 quic key"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	231 &server->key,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	232 &server->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	233 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	234 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	235 ngx_string("tls13 quic iv"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	236 &server->iv,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	237 &server->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	238 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	239 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	240 /* AEAD_AES_128_GCM prior to handshake, quic-tls-23#section-5.4.1 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	241 ngx_string("tls13 quic hp"),
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	242 &server->hp,
058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	243 &server->secret,
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	244 },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	245
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	246 };
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	247
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	248 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	249
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	250 if (ngx_quic_hkdf_expand(pool, digest, seq[i].key, &seq[i].label,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	251 seq[i].prk->data, seq[i].prk->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	252 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	253 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	254 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	255 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	256 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	257
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	258 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	259 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	260
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	261
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	262 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	263 ngx_quic_hkdf_expand(ngx_pool_t pool, const EVP_MD digest, ngx_str_t *out,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	264 ngx_str_t label, const uint8_t prk, size_t prk_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	265 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	266 size_t info_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	267 uint8_t *p;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	268 uint8_t info[20];
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	269
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	270 if (out->data == NULL) {
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	271 out->data = ngx_pnalloc(pool, out->len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	272 if (out->data == NULL) {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	273 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	274 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	275 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	276
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	277 info_len = 2 + 1 + label->len + 1;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	278
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	279 info[0] = 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	280 info[1] = out->len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	281 info[2] = label->len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	282 p = ngx_cpymem(&info[3], label->data, label->len);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	283 *p = '\0';
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	284
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	285 if (ngx_hkdf_expand(out->data, out->len, digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	286 prk, prk_len, info, info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	287 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	288 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	289 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	290 "ngx_hkdf_expand(%V) failed", label);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	291 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	292 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	293
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	294 #ifdef NGX_QUIC_DEBUG_CRYPTO
8525 64a484fd40a9 QUIC: stripped down debug traces that have served its purpose. Sergey Kandaurov <pluknet@nginx.com> parents: 8486 diff changeset	295 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pool->log, 0, "quic expand %V", label);
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	296 ngx_quic_hexdump(pool->log, "quic key", out->data, out->len);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	297 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	298
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	299 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	300 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	301
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	302
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	303 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	304 ngx_hkdf_expand(u_char out_key, size_t out_len, const EVP_MD digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	305 const uint8_t prk, size_t prk_len, const u_char info, size_t info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	306 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	307 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	308 if (HKDF_expand(out_key, out_len, digest, prk, prk_len, info, info_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	309 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	310 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	311 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	312 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	313 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	314
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	315 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	316
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	317 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	318
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	319 if (EVP_PKEY_derive_init(pctx) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	320 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	321 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	322
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	323 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	324 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	325 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	326
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	327 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	328 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	329 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	330
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	331 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, prk, prk_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	332 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	333 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	334
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	335 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	336 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	337 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	338
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	339 if (EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	340 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	341 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	342
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	343 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	344
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	345 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	346 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	347
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	348
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	349 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	350 ngx_hkdf_extract(u_char out_key, size_t out_len, const EVP_MD *digest,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	351 const u_char secret, size_t secret_len, const u_char salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	352 size_t salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	353 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	354 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	355 if (HKDF_extract(out_key, out_len, digest, secret, secret_len, salt,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	356 salt_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	357 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	358 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	359 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	360 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	361 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	362
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	363 EVP_PKEY_CTX *pctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	364
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	365 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	366
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	367 if (EVP_PKEY_derive_init(pctx) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	368 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	369 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	370
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	371 if (EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	372 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	373 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	374
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	375 if (EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	376 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	377 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	378
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	379 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	380 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	381 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	382
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	383 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	384 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	385 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	386
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	387 if (EVP_PKEY_derive(pctx, out_key, out_len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	388 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	389 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	390
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	391 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	392
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	393 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	394 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	395
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	396
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	397 static ngx_int_t
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	398 ngx_quic_tls_open(const ngx_quic_cipher_t cipher, ngx_quic_secret_t s,
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	399 ngx_str_t out, u_char nonce, ngx_str_t in, ngx_str_t ad,
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	400 ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	401 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	402
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	403 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	404 EVP_AEAD_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	405
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	406 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	407 EVP_AEAD_DEFAULT_TAG_LENGTH);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	408 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	409 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	410 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	411 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	412
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	413 if (EVP_AEAD_CTX_open(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	414 in->data, in->len, ad->data, ad->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	415 != 1)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	416 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	417 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	418 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_open() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	419 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	420 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	421
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	422 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	423 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	424 int len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	425 u_char *tag;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	426 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	427
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	428 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	429 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	430 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	431 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	432 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	433
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	434 if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	435 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	436 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	437 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	438 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	439
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	440 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	441 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	442 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	443 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	444 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	445 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	446 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	447 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	448
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	449 if (EVP_DecryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	450 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	451 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	452 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	453 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	454
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	455 if (EVP_DecryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	456 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	457 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	458 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	459 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	460
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	461 if (EVP_DecryptUpdate(ctx, out->data, &len, in->data,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	462 in->len - EVP_GCM_TLS_TAG_LEN)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	463 != 1)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	464 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	465 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	466 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	467 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	468 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	469
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	470 out->len = len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	471 tag = in->data + in->len - EVP_GCM_TLS_TAG_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	472
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	473 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, EVP_GCM_TLS_TAG_LEN, tag)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	474 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	475 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	476 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	477 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	478 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_TAG) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	479 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	480 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	481
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	482 if (EVP_DecryptFinal_ex(ctx, out->data + len, &len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	483 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	484 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_DecryptFinal_ex failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	485 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	486 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	487
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	488 out->len += len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	489
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	490 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	491 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	492
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	493 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	494 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	495
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	496
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	497 static ngx_int_t
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	498 ngx_quic_tls_seal(const ngx_quic_cipher_t cipher, ngx_quic_secret_t s,
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	499 ngx_str_t out, u_char nonce, ngx_str_t in, ngx_str_t ad, ngx_log_t *log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	500 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	501
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	502 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	503 EVP_AEAD_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	504
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	505 ctx = EVP_AEAD_CTX_new(cipher, s->key.data, s->key.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	506 EVP_AEAD_DEFAULT_TAG_LENGTH);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	507 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	508 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	509 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	510 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	511
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	512 if (EVP_AEAD_CTX_seal(ctx, out->data, &out->len, out->len, nonce, s->iv.len,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	513 in->data, in->len, ad->data, ad->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	514 != 1)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	515 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	516 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	517 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_AEAD_CTX_seal() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	518 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	519 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	520
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	521 EVP_AEAD_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	522 #else
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	523 int len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	524 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	525
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	526 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	527 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	528 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CIPHER_CTX_new() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	529 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	530 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	531
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	532 if (EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	533 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	534 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	535 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	536 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	537
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	538 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, s->iv.len, NULL)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	539 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	540 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	541 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	542 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	543 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	544 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	545 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	546
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	547 if (EVP_EncryptInit_ex(ctx, NULL, NULL, s->key.data, nonce) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	548 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	549 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	550 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	551 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	552
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	553 if (EVP_EncryptUpdate(ctx, NULL, &len, ad->data, ad->len) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	554 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	555 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	556 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	557 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	558
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	559 if (EVP_EncryptUpdate(ctx, out->data, &len, in->data, in->len) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	560 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	561 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	562 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	563 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	564
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	565 out->len = len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	566
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	567 if (EVP_EncryptFinal_ex(ctx, out->data + out->len, &len) <= 0) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	568 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	569 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_ex failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	570 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	571 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	572
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	573 out->len += len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	574
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	575 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, EVP_GCM_TLS_TAG_LEN,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	576 out->data + in->len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	577 == 0)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	578 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	579 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	580 ngx_ssl_error(NGX_LOG_INFO, log, 0,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	581 "EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_GET_TAG) failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	582 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	583 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	584
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	585 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	586
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	587 out->len += EVP_GCM_TLS_TAG_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	588 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	589 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	590 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	591
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	592
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	593 static ngx_int_t
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	594 ngx_quic_tls_hp(ngx_log_t log, const EVP_CIPHER cipher,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	595 ngx_quic_secret_t s, u_char out, u_char *in)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	596 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	597 int outlen;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	598 EVP_CIPHER_CTX *ctx;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	599 u_char zero[5] = {0};
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	600
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	601 #ifdef OPENSSL_IS_BORINGSSL
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	602 uint32_t counter;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	603
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	604 ngx_memcpy(&counter, in, sizeof(uint32_t));
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	605
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	606 if (cipher == (const EVP_CIPHER *) EVP_aead_chacha20_poly1305()) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	607 CRYPTO_chacha_20(out, zero, 5, s->hp.data, &in[4], counter);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	608 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	609 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	610 #endif
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	611
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	612 ctx = EVP_CIPHER_CTX_new();
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	613 if (ctx == NULL) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	614 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	615 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	616
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	617 if (EVP_EncryptInit_ex(ctx, cipher, NULL, s->hp.data, in) != 1) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	618 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptInit_ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	619 goto failed;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	620 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	621
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	622 if (!EVP_EncryptUpdate(ctx, out, &outlen, zero, 5)) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	623 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptUpdate() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	624 goto failed;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	625 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	626
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	627 if (!EVP_EncryptFinal_ex(ctx, out + 5, &outlen)) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	628 ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_EncryptFinal_Ex() failed");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	629 goto failed;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	630 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	631
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	632 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	633
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	634 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	635
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	636 failed:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	637
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	638 EVP_CIPHER_CTX_free(ctx);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	639
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	640 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	641 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	642
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	643
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	644 int ngx_quic_keys_set_encryption_secret(ngx_pool_t *pool, ngx_uint_t is_write,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	645 ngx_quic_keys_t *keys, enum ssl_encryption_level_t level,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	646 const SSL_CIPHER cipher, const uint8_t secret, size_t secret_len)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	647 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	648 ngx_int_t key_len;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	649 ngx_uint_t i;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	650 ngx_quic_secret_t *peer_secret;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	651 ngx_quic_ciphers_t ciphers;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	652
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	653 peer_secret = is_write ? &keys->secrets[level].server
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	654 : &keys->secrets[level].client;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	655
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	656 /*
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	657 * SSL_CIPHER_get_protocol_id() is not universally available,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	658 * casting to uint16_t works for both OpenSSL and BoringSSL
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	659 */
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	660 keys->cipher = (uint16_t) SSL_CIPHER_get_id(cipher);
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	661
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	662 key_len = ngx_quic_ciphers(keys->cipher, &ciphers, level);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	663
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	664 if (key_len == NGX_ERROR) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	665 ngx_ssl_error(NGX_LOG_INFO, pool->log, 0, "unexpected cipher");
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	666 return 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	667 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	668
8306 058a5af7ddfc Refactored QUIC secrets storage. Vladimir Homutov <vl@nginx.com> parents: 8303 diff changeset	669 if (level == ssl_encryption_initial) {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	670 return 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	671 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	672
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	673 peer_secret->secret.data = ngx_pnalloc(pool, secret_len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	674 if (peer_secret->secret.data == NULL) {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	675 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	676 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	677
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	678 peer_secret->secret.len = secret_len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	679 ngx_memcpy(peer_secret->secret.data, secret, secret_len);
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	680
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	681 peer_secret->key.len = key_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	682 peer_secret->iv.len = NGX_QUIC_IV_LEN;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	683 peer_secret->hp.len = key_len;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	684
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	685 struct {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	686 ngx_str_t label;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	687 ngx_str_t *key;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	688 const uint8_t *secret;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	689 } seq[] = {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	690 { ngx_string("tls13 quic key"), &peer_secret->key, secret },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	691 { ngx_string("tls13 quic iv"), &peer_secret->iv, secret },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	692 { ngx_string("tls13 quic hp"), &peer_secret->hp, secret },
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	693 };
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	694
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	695 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	696
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	697 if (ngx_quic_hkdf_expand(pool, ciphers.d, seq[i].key, &seq[i].label,
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	698 seq[i].secret, secret_len)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	699 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	700 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	701 return 0;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	702 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	703 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	704
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	705 return 1;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	706 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	707
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	708
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	709 ngx_quic_keys_t *
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	710 ngx_quic_keys_new(ngx_pool_t *pool)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	711 {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	712 return ngx_pcalloc(pool, sizeof(ngx_quic_keys_t));
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	713 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	714
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	715
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	716 ngx_uint_t
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	717 ngx_quic_keys_available(ngx_quic_keys_t *keys,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	718 enum ssl_encryption_level_t level)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	719 {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	720 return keys->secrets[level].client.key.len != 0;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	721 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	722
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	723
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	724 void
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	725 ngx_quic_keys_discard(ngx_quic_keys_t *keys,
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	726 enum ssl_encryption_level_t level)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	727 {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	728 keys->secrets[level].client.key.len = 0;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	729 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	730
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	731
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	732 void
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	733 ngx_quic_keys_switch(ngx_connection_t c, ngx_quic_keys_t keys)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	734 {
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	735 ngx_quic_secrets_t current, next, tmp;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	736
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	737 current = &keys->secrets[ssl_encryption_application];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	738 next = &keys->next_key;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	739
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	740 tmp = *current;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	741 current = next;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	742 *next = tmp;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	743 }
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	744
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	745
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	746 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	747 ngx_quic_keys_update(ngx_connection_t c, ngx_quic_keys_t keys)
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	748 {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	749 ngx_uint_t i;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	750 ngx_quic_ciphers_t ciphers;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	751 ngx_quic_secrets_t current, next;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	752
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	753 current = &keys->secrets[ssl_encryption_application];
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	754 next = &keys->next_key;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	755
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	756 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic key update");
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	757
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	758 if (ngx_quic_ciphers(keys->cipher, &ciphers, ssl_encryption_application)
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	759 == NGX_ERROR)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	760 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	761 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	762 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	763
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	764 next->client.secret.len = current->client.secret.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	765 next->client.key.len = current->client.key.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	766 next->client.iv.len = current->client.iv.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	767 next->client.hp = current->client.hp;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	768
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	769 next->server.secret.len = current->server.secret.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	770 next->server.key.len = current->server.key.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	771 next->server.iv.len = current->server.iv.len;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	772 next->server.hp = current->server.hp;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	773
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	774 struct {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	775 ngx_str_t label;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	776 ngx_str_t *key;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	777 ngx_str_t *secret;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	778 } seq[] = {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	779 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	780 ngx_string("tls13 quic ku"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	781 &next->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	782 &current->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	783 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	784 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	785 ngx_string("tls13 quic key"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	786 &next->client.key,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	787 &next->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	788 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	789 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	790 ngx_string("tls13 quic iv"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	791 &next->client.iv,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	792 &next->client.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	793 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	794 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	795 ngx_string("tls13 quic ku"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	796 &next->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	797 &current->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	798 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	799 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	800 ngx_string("tls13 quic key"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	801 &next->server.key,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	802 &next->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	803 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	804 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	805 ngx_string("tls13 quic iv"),
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	806 &next->server.iv,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	807 &next->server.secret,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	808 },
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	809 };
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	810
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	811 for (i = 0; i < (sizeof(seq) / sizeof(seq[0])); i++) {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	812
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	813 if (ngx_quic_hkdf_expand(c->pool, ciphers.d, seq[i].key, &seq[i].label,
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	814 seq[i].secret->data, seq[i].secret->len)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	815 != NGX_OK)
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	816 {
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	817 return NGX_ERROR;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	818 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	819 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	820
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	821 return NGX_OK;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	822 }
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	823
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	824
8376 2d0f4aa78ed6 Restored ngx_quic_encrypt return type. Sergey Kandaurov <pluknet@nginx.com> parents: 8375 diff changeset	825 static ngx_int_t
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	826 ngx_quic_create_packet(ngx_quic_header_t pkt, ngx_str_t res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	827 {
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	828 u_char pnp, sample;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	829 ngx_str_t ad, out;
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	830 ngx_uint_t i;
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	831 ngx_quic_secret_t *secret;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	832 ngx_quic_ciphers_t ciphers;
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	833 u_char nonce[12], mask[16];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	834
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	835 out.len = pkt->payload.len + EVP_GCM_TLS_TAG_LEN;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	836
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	837 ad.data = res->data;
8642 05b1ee464350 QUIC: hide header creation internals in ngx_event_quic_transport.c. Sergey Kandaurov <pluknet@nginx.com> parents: 8621 diff changeset	838 ad.len = ngx_quic_create_header(pkt, ad.data, out.len, &pnp);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	839
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	840 out.data = res->data + ad.len;
1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	841
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	842 #ifdef NGX_QUIC_DEBUG_CRYPTO
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	843 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	844 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	845
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	846 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	847 {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	848 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	849 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	850
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	851 secret = &pkt->keys->secrets[pkt->level].server;
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	852
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	853 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	854 ngx_quic_compute_nonce(nonce, sizeof(nonce), pkt->number);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	855
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	856 if (ngx_quic_tls_seal(ciphers.c, secret, &out,
8318 1bb5e8538d0c Removed excessive debugging in QUIC packet creation. Sergey Kandaurov <pluknet@nginx.com> parents: 8317 diff changeset	857 nonce, &pkt->payload, &ad, pkt->log)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	858 != NGX_OK)
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	859 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	860 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	861 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	862
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	863 sample = &out.data[4 - pkt->num_len];
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	864 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	865 != NGX_OK)
f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	866 {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	867 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	868 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	869
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	870 /* quic-tls: 5.4.1. Header Protection Application */
8643 5fdd0ef42232 QUIC: macros for manipulating header protection and reserved bits. Sergey Kandaurov <pluknet@nginx.com> parents: 8642 diff changeset	871 ad.data[0] ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
8315 fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	872
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	873 for (i = 0; i < pkt->num_len; i++) {
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	874 pnp[i] ^= mask[i + 1];
fdda518d10ba Proper handling of packet number in header. Vladimir Homutov <vl@nginx.com> parents: 8313 diff changeset	875 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	876
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	877 res->len = ad.len + out.len;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	878
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	879 return NGX_OK;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	880 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	881
8285 f85749b60e58 Removed memory allocations from encryption code. Vladimir Homutov <vl@nginx.com> parents: 8265 diff changeset	882
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	883 static ngx_int_t
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	884 ngx_quic_create_retry_packet(ngx_quic_header_t pkt, ngx_str_t res)
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	885 {
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	886 u_char *start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	887 ngx_str_t ad, itag;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	888 ngx_quic_secret_t secret;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	889 ngx_quic_ciphers_t ciphers;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	890
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	891 /* 5.8. Retry Packet Integrity */
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	892 static u_char key[16] =
8448 011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	893 #if (NGX_QUIC_DRAFT_VERSION >= 29)
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	894 "\xcc\xce\x18\x7e\xd0\x9a\x09\xd0\x57\x28\x15\x5a\x6c\xb9\x6b\xe1";
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	895 #else
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	896 "\x4d\x32\xec\xdb\x2a\x21\x33\xc8\x41\xe4\x04\x3d\xf2\x7d\x44\x30";
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	897 #endif
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	898 static u_char nonce[12] =
8448 011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	899 #if (NGX_QUIC_DRAFT_VERSION >= 29)
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	900 "\xe5\x49\x30\xf9\x7f\x21\x36\xf0\x53\x0a\x8c\x1c";
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	901 #else
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	902 "\x4d\x16\x11\xd0\x55\x13\xa5\x52\xc5\x87\xd5\x75";
011668fc9efd Update Initial salt and Retry secret from quic-tls-29. Sergey Kandaurov <pluknet@nginx.com> parents: 8446 diff changeset	903 #endif
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	904 static ngx_str_t in = ngx_string("");
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	905
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	906 ad.data = res->data;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	907 ad.len = ngx_quic_create_retry_itag(pkt, ad.data, &start);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	908
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	909 itag.data = ad.data + ad.len;
8394 df18ae7161b8 Assorted fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 8386 diff changeset	910 itag.len = EVP_GCM_TLS_TAG_LEN;
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	911
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	912 #ifdef NGX_QUIC_DEBUG_CRYPTO
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	913 ngx_quic_hexdump(pkt->log, "quic retry itag", ad.data, ad.len);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	914 #endif
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	915
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	916 if (ngx_quic_ciphers(0, &ciphers, pkt->level) == NGX_ERROR) {
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	917 return NGX_ERROR;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	918 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	919
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	920 secret.key.len = sizeof(key);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	921 secret.key.data = key;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	922 secret.iv.len = sizeof(nonce);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	923
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	924 if (ngx_quic_tls_seal(ciphers.c, &secret, &itag, nonce, &in, &ad, pkt->log)
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	925 != NGX_OK)
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	926 {
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	927 return NGX_ERROR;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	928 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	929
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	930 res->len = itag.data + itag.len - start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	931 res->data = start;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	932
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	933 return NGX_OK;
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	934 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	935
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	936
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	937 ngx_int_t
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	938 ngx_quic_new_sr_token(ngx_connection_t c, ngx_str_t cid, ngx_str_t *secret,
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	939 u_char *token)
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	940 {
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	941 uint8_t *p;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	942 size_t is_len, key_len, info_len;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	943 ngx_str_t label;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	944 const EVP_MD *digest;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	945 uint8_t info[20];
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	946 uint8_t is[SHA256_DIGEST_LENGTH];
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	947 uint8_t key[SHA256_DIGEST_LENGTH];
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	948
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	949 /* 10.4.2. Calculating a Stateless Reset Token */
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	950
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	951 digest = EVP_sha256();
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	952 ngx_str_set(&label, "sr_token_key");
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	953
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	954 if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	955 cid->data, cid->len)
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	956 != NGX_OK)
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	957 {
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	958 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	959 "ngx_hkdf_extract(%V) failed", &label);
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	960 return NGX_ERROR;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	961 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	962
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	963 key_len = SHA256_DIGEST_LENGTH;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	964
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	965 info_len = 2 + 1 + label.len + 1;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	966
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	967 info[0] = 0;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	968 info[1] = key_len;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	969 info[2] = label.len;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	970
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	971 p = ngx_cpymem(&info[3], label.data, label.len);
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	972 *p = '\0';
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	973
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	974 if (ngx_hkdf_expand(key, key_len, digest, is, is_len, info, info_len)
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	975 != NGX_OK)
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	976 {
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	977 ngx_ssl_error(NGX_LOG_INFO, c->log, 0,
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	978 "ngx_hkdf_expand(%V) failed", &label);
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	979 return NGX_ERROR;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	980 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	981
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	982 ngx_memcpy(token, key, NGX_QUIC_SR_TOKEN_LEN);
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	983
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	984 #if (NGX_DEBUG)
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	985 ngx_quic_hexdump(c->log, "quic stateless reset token", token,
8565 0e12c4aca3ab QUIC: fixed clang-ast asserts. Sergey Kandaurov <pluknet@nginx.com> parents: 8562 diff changeset	986 (size_t) NGX_QUIC_SR_TOKEN_LEN);
8562 b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	987 #endif
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	988
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	989 return NGX_OK;
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	990 }
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	991
b31c02454539 QUIC: added stateless reset support. Vladimir Homutov <vl@nginx.com> parents: 8558 diff changeset	992
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	993 static uint64_t
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	994 ngx_quic_parse_pn(u_char *pos, ngx_int_t len, u_char mask,
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	995 uint64_t *largest_pn)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	996 {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	997 u_char *p;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	998 uint64_t truncated_pn, expected_pn, candidate_pn;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	999 uint64_t pn_nbits, pn_win, pn_hwin, pn_mask;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1000
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1001 pn_nbits = ngx_min(len * 8, 62);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1002
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1003 p = *pos;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1004 truncated_pn = p++ ^ mask++;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1005
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1006 while (--len) {
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1007 truncated_pn = (truncated_pn << 8) + (p++ ^ mask++);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1008 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1009
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1010 *pos = p;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1011
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1012 expected_pn = *largest_pn + 1;
8394 df18ae7161b8 Assorted fixes. Sergey Kandaurov <pluknet@nginx.com> parents: 8386 diff changeset	1013 pn_win = 1ULL << pn_nbits;
8339 aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1014 pn_hwin = pn_win / 2;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1015 pn_mask = pn_win - 1;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1016
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1017 candidate_pn = (expected_pn & ~pn_mask) \| truncated_pn;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1018
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1019 if ((int64_t) candidate_pn <= (int64_t) (expected_pn - pn_hwin)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1020 && candidate_pn < (1ULL << 62) - pn_win)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1021 {
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1022 candidate_pn += pn_win;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1023
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1024 } else if (candidate_pn > expected_pn + pn_hwin
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1025 && candidate_pn >= pn_win)
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1026 {
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1027 candidate_pn -= pn_win;
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1028 }
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1029
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1030 largest_pn = ngx_max((int64_t) largest_pn, (int64_t) candidate_pn);
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1031
aba84d9ab256 Parsing of truncated packet numbers. Sergey Kandaurov <pluknet@nginx.com> parents: 8324 diff changeset	1032 return candidate_pn;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1033 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1034
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1035
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1036 static void
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1037 ngx_quic_compute_nonce(u_char *nonce, size_t len, uint64_t pn)
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1038 {
8313 c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	1039 nonce[len - 4] ^= (pn & 0xff000000) >> 24;
c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	1040 nonce[len - 3] ^= (pn & 0x00ff0000) >> 16;
c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	1041 nonce[len - 2] ^= (pn & 0x0000ff00) >> 8;
c625bde6cb77 Fixed computing nonce again, by properly shifting packet number. Sergey Kandaurov <pluknet@nginx.com> parents: 8310 diff changeset	1042 nonce[len - 1] ^= (pn & 0x000000ff);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1043 }
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1044
7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1045
8376 2d0f4aa78ed6 Restored ngx_quic_encrypt return type. Sergey Kandaurov <pluknet@nginx.com> parents: 8375 diff changeset	1046 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1047 ngx_quic_encrypt(ngx_quic_header_t pkt, ngx_str_t res)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1048 {
8383 7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1049 if (ngx_quic_pkt_retry(pkt->flags)) {
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1050 return ngx_quic_create_retry_packet(pkt, res);
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1051 }
7ea34e13937f Address validation using Retry packets. Sergey Kandaurov <pluknet@nginx.com> parents: 8376 diff changeset	1052
8644 e953bd2c5bb3 QUIC: merged create_long/short_packet() functions. Sergey Kandaurov <pluknet@nginx.com> parents: 8643 diff changeset	1053 return ngx_quic_create_packet(pkt, res);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1054 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1055
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1056
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1057 ngx_int_t
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1058 ngx_quic_decrypt(ngx_quic_header_t pkt, uint64_t largest_pn)
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1059 {
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1060 u_char p, sample;
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1061 size_t len;
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1062 uint64_t pn, lpn;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1063 ngx_int_t pnl, rc, key_phase;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1064 ngx_str_t in, ad;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1065 ngx_quic_secret_t *secret;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1066 ngx_quic_ciphers_t ciphers;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1067 uint8_t mask[16], nonce[12];
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1068
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1069 if (ngx_quic_ciphers(pkt->keys->cipher, &ciphers, pkt->level) == NGX_ERROR)
9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1070 {
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1071 return NGX_ERROR;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1072 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1073
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1074 secret = &pkt->keys->secrets[pkt->level].client;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1075
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1076 p = pkt->raw->pos;
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1077 len = pkt->data + pkt->len - p;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1078
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1079 /* draft-ietf-quic-tls-23#section-5.4.2:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1080 * the Packet Number field is assumed to be 4 bytes long
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1081 * draft-ietf-quic-tls-23#section-5.4.[34]:
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1082 * AES-Based and ChaCha20-Based header protections sample 16 bytes
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1083 */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1084
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1085 if (len < EVP_GCM_TLS_TAG_LEN + 4) {
8543 9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1086 return NGX_DECLINED;
9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1087 }
9aedab0f0dff QUIC: check that the packet length is of at least sample size. Sergey Kandaurov <pluknet@nginx.com> parents: 8542 diff changeset	1088
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1089 sample = p + 4;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1090
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1091 /* header protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1092
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1093 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1094 != NGX_OK)
ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1095 {
8446 df29219988bc Discard short packets which could not be decrypted. Sergey Kandaurov <pluknet@nginx.com> parents: 8445 diff changeset	1096 return NGX_DECLINED;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1097 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1098
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1099 pkt->flags ^= mask[0] & ngx_quic_pkt_hp_mask(pkt->flags);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1100
8643 5fdd0ef42232 QUIC: macros for manipulating header protection and reserved bits. Sergey Kandaurov <pluknet@nginx.com> parents: 8642 diff changeset	1101 if (ngx_quic_short_pkt(pkt->flags)) {
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1102 key_phase = (pkt->flags & NGX_QUIC_PKT_KPHASE) != 0;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1103
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1104 if (key_phase != pkt->key_phase) {
8621 9c3be23ddbe7 QUIC: refactored key handling. Sergey Kandaurov <pluknet@nginx.com> parents: 8609 diff changeset	1105 secret = &pkt->keys->next_key.client;
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1106 pkt->key_update = 1;
29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1107 }
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1108 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1109
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1110 lpn = *largest_pn;
b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1111
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1112 pnl = (pkt->flags & 0x03) + 1;
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1113 pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1114
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1115 pkt->pn = pn;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1116
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1117 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1118 "quic packet rx clearflags:%xd", pkt->flags);
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1119 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
8609 f32740ddd484 QUIC: got rid of "pkt" abbreviation in logs. Vladimir Homutov <vl@nginx.com> parents: 8608 diff changeset	1120 "quic packet rx number:%uL len:%xi", pn, pnl);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1121
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1122 /* packet protection */
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1123
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1124 in.data = p;
8558 0f37b4ef3cd9 QUIC: keep the entire packet size in pkt->len. Roman Arutyunyan <arut@nginx.com> parents: 8544 diff changeset	1125 in.len = len - pnl;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1126
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1127 ad.len = p - pkt->data;
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1128 ad.data = pkt->plaintext;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1129
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1130 ngx_memcpy(ad.data, pkt->data, ad.len);
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1131 ad.data[0] = pkt->flags;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1132
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1133 do {
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1134 ad.data[ad.len - pnl] = pn >> (8 * (pnl - 1)) % 256;
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1135 } while (--pnl);
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1136
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1137 ngx_memcpy(nonce, secret->iv.data, secret->iv.len);
8310 7ac890c18f5e Fixed computing nonce by xoring all packet number bytes. Sergey Kandaurov <pluknet@nginx.com> parents: 8307 diff changeset	1138 ngx_quic_compute_nonce(nonce, sizeof(nonce), pn);
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1139
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	1140 #ifdef NGX_QUIC_DEBUG_CRYPTO
8360 f175006124d0 Cleaned up hexdumps in debug output. Vladimir Homutov <vl@nginx.com> parents: 8359 diff changeset	1141 ngx_quic_hexdump(pkt->log, "quic ad", ad.data, ad.len);
8359 2f900ae486bc Debug cleanup. Vladimir Homutov <vl@nginx.com> parents: 8339 diff changeset	1142 #endif
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1143
8288 ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1144 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1145 pkt->payload.data = pkt->plaintext + ad.len;
ebd5c71b9f02 Got rid of memory allocation in decryption. Vladimir Homutov <vl@nginx.com> parents: 8287 diff changeset	1146
8319 29354c6fc5f2 TLS Key Update in QUIC. Sergey Kandaurov <pluknet@nginx.com> parents: 8318 diff changeset	1147 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
8287 ccb9cc95ad5e Logging cleanup. Vladimir Homutov <vl@nginx.com> parents: 8285 diff changeset	1148 nonce, &in, &ad, pkt->log);
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1149 if (rc != NGX_OK) {
8446 df29219988bc Discard short packets which could not be decrypted. Sergey Kandaurov <pluknet@nginx.com> parents: 8445 diff changeset	1150 return NGX_DECLINED;
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1151 }
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1152
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1153 if (pkt->payload.len == 0) {
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1154 /*
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1155 * An endpoint MUST treat receipt of a packet containing no
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1156 * frames as a connection error of type PROTOCOL_VIOLATION.
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1157 */
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1158 ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet");
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1159 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1160 return NGX_ERROR;
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1161 }
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1162
8645 ae4bffb75df8 QUIC: simplified and streamlined ngx_quic_decrypt(). Sergey Kandaurov <pluknet@nginx.com> parents: 8644 diff changeset	1163 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1164 /*
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1165 * An endpoint MUST treat receipt of a packet that has
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1166 * a non-zero value for these bits, after removing both
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1167 * packet and header protection, as a connection error
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1168 * of type PROTOCOL_VIOLATION.
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1169 */
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1170 ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1171 "quic reserved bit set in packet");
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1172 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1173 return NGX_ERROR;
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1174 }
81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1175
8646 4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1176 #if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1177 ngx_quic_hexdump(pkt->log, "quic packet payload",
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1178 pkt->payload.data, pkt->payload.len);
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1179 #endif
4bf332873a83 QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Sergey Kandaurov <pluknet@nginx.com> parents: 8645 diff changeset	1180
8532 b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1181 *largest_pn = lpn;
b13141d6d250 QUIC: do not update largest packet number from a bad packet. Roman Arutyunyan <arut@nginx.com> parents: 8525 diff changeset	1182
8386 81f85c479d7e Discard packets without fixed bit or reserved bits set. Vladimir Homutov <vl@nginx.com> parents: 8383 diff changeset	1183 return NGX_OK;
8221 69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1184 }
69345a26ba69 Split transport and crypto parts into separate files. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1185

Mercurial > hg > nginx

annotate src/event/ngx_event_quic_protection.c @ 8646:4bf332873a83 quic